rpm package
opensuse/uftpd&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/uftpd&distro=openSUSE%20Leap%2015.1
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-14149 | — | | | < 2.12-lp151.2.6.1 | 2.12-lp151.2.6.1 | Jun 15, 2020 | In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command. |
| CVE-2020-5204 | — | | | < 2.11-lp151.2.3.1 | 2.11-lp151.2.3.1 | Jan 6, 2020 | In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addr |